The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: IT security

Keeping the Bots at Bay: How to Detect Brute Force Attacks

Keeping the Bots at Bay: How to Detect Brute Force Attacks

November 20, 2014Swati Khandelwal
Thanks to recent events involving certain celebrities' stolen pictures, "brute-force attack" is now one of the hot buzz words making its rounds. As an IT professional - do you know what a brute force attack is, how to spot one when it happens, and how to prevent it? A brute-force attack is, simply, an attack on a username, password, etc. that systematically checks all possible combinations until the correct one is found. Scripts are usually used in these attacks to automate the process of arriving at the correct username/password combination. This is why time is of the essence when it comes to detecting and stopping a brute force attack – the more time the attacker has, the more passwords can be tried. Brute force attacks are one of the few hacks detectable by their volume, rather than their type. In your web (or proprietary app) logs, you'll usually see a crazy amount of failed login attempts, usually originating from the same IP address. You might even see the same accoun
'The Hacker News' Celebrating its 4th Anniversary

'The Hacker News' Celebrating its 4th Anniversary

November 01, 2014Mohit Kumar
Dear THN Readers, ' The Hacker News ' is celebrating its 4th Anniversary today and we would like to thank every single Hacker, Researcher, Journalist, Enthusiast who has contributed to our phenomenal growth. When we began our journey 4 years back as a Small Local Community of few Hackers and Security Researchers, we had a dream of providing the Hacking Community with World's not first but best Hacking and IT Security News Platform. We wanted to gift hacking community members and security researchers their own trusted and an unique News platform, which is run by Hackers and dedicated to Hackers, a platform which is free from Censorship, Conventions, Governments and Borders. Now, we have been Internationally recognized as a leading news source dedicated to promoting awareness for cyber security experts and hackers. We are happy to announce that this project is now Supported and endorsed by thousands of Security Experts, administrators and members of vario
Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)

Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)

July 14, 2014Swati Khandelwal
For years, the systems and networks that run our businesses have been secured by the efforts of IT and security practitioners acting on their own. We continue to deploy the latest countermeasures, always trying to keep up with adversaries. Criminal attackers, on the other hand, have shared information quite successfully to facilitate their exploits. Couple this with the "attacker's advantage" of choosing where, when and how to launch attacks, and it is no surprise that collaborative hackers appear to be winning against even the largest companies, despite generous spending on security tools. As an industry, we need a threat-sharing solution that is open and available to everyone for the mutual benefit of all who contribute. With this goal in mind, AlienVault created the Open Threat Exchange™ (OTX) . What is the Open Threat Exchange (OTX)? OTX is an open information sharing and analysis network that provides real-time, actionable threat information submitted by over 8,
'The Hacker News' Magazine - Relaunching New Editions

'The Hacker News' Magazine - Relaunching New Editions

February 04, 2014Swati Khandelwal
Dear Readers,  After publishing 15 informative editions of ' The Hacker News ' magazine in past 2 years; we at THN are again planning to relaunch the new Chapters of ' The Hacker News Magazine '. The Hacker News (THN) Monthly Magazine is the most comprehensive and informative collection of IT Security, Hacking and innovative technological notions since about 2011. THN Magazine is a free monthly magazine designed to spread awareness and knowledge about cyber security. Now on the demand of our readers, we are going to launch our new Monthly editions of the THN Magazine with some new sections, innovative themes in addition with some interactive interview sessions, from the month of March this year. We cordially invite IT adepts and specialists to contribute as Authors with their new researches and knowledgeable articles, as the goal of our Free Hacking Magazine is to provide the most up-to-date information on a wide variety of topics that relate to hackers
DDoS Attacks : A Serious unstoppable menace for IT security communities

DDoS Attacks : A Serious unstoppable menace for IT security communities

October 18, 2013Anonymous
It should be the busiest day of the year for your business, but your website has just disappeared off the Internet and orders have dried up. If this happens to you, then you likely just become yet another victim of a distributed denial of service (DDoS) attack . By now, everyone who uses the Internet has come across DDoS attacks . It is one of the oldest attack technologies on the web, and a popular way of paralyzing the huge data centers. Just yesterday we have reported about a massive 100Gbps DDoS attack that hit World's 3rd Largest Chinese Bitcoin exchange for 9 hours. Arbor Networks, a leading provider of DDoS and advanced threat protection solutions, today released data on global distributed denial of service (DDoS) attack trends for the first three quarters of 2013, revealed that this kind of attack still represents a serious menace for IT security communities.  The document provides an interesting overview into Internet traffic patterns and threat evolutio
Importance of Logs and Log Management for IT Security

Importance of Logs and Log Management for IT Security

October 02, 2013Wang Wei
IT Security is the name of the game and no matter how big or small the size of your organization, you will always invest enough on securing certain aspects of your IT network. In many organizations, it starts with monitoring your network for vulnerabilities that may enter the network to access potentially sensitive information in the form of security attacks . For example, you may have firewalls as your first line of defense, followed by vulnerability management, intrusion detection and prevention systems, managing your network configurations and so on.  These are crucial because: Your routers can be easily breached without proper configuration and restrictions.  If a firewall isn't configured correctly, a hacker can easily spot a port that is accidentally left open and can gain access to the network.  Rogue access points, botnet malware and social engineering can make your wireless a porthole into your LAN. Why Logs? The very purpose of IT security is to be
Snowden files : NSA can crack almost any Encryption including Tor anonymity network

Snowden files : NSA can crack almost any Encryption including Tor anonymity network

September 07, 2013Mohit Kumar
The spy agencies' activities have gone on for more than a decade. Now we have enough details about how the NSA eavesdrops on the internet, another explosive news has emerged yesterday from the Snowden files that NSA has the ability to decrypt most of anything that is on the internet. They have done this not through cracking encryption mathematically, but by secretly using influence and billions of dollars to insert backdoors designed to preserve their ability to eavesdrop.  Also the majority of devices connected to the Tor anonymity network may be using encryption keys that can be broken by the National Security Agency, according to Rob Graham, CEO of penetration testing firm Errata Security. The ability to crack high-level encryption is something that has been a pretty significant legend in the infosec community. Graham arrived at that conclusion after analyzing nearly 23,000 Tor connections through an exit node that Graham controls and about 76 percent of the
EHACK : The Largest Information Security Awareness Marathon Globally

EHACK : The Largest Information Security Awareness Marathon Globally

August 16, 2013Mohit Kumar
More than 9000+ participants enter the Guinness book of World Records for the largest congregation for information Security. E-Hack, world largest Ethical Hacking workshop was organized by InfySEC at SRM University on July 27 and 28,2013 . The expected participant count was 4500+ but on the day of the event the participant count were as high as 9637 students participated to be a part of E-HACK making it the LARGEST IT SECURITY AWARENESS MARATHON GLOBALLY , which made the organizing team to facilitate other two mini auditorium available in the same venue with speakers like Mr. Karthikeyan,founder of Zazvik Solutions, Mr.Santhosh Srinivasan, director of Symantec,Mr.Patrick Martinent, a Google developer Expert, Mr. Vinod Senthil,Director of Infysec, Mr.Ashish Chandra Mishra,Chief Information Security Officer at Tesco HSC, Mr. Rishi Narang,lead consultant with Aujas Networks , VT Gopal - Professor, Anna University and Dr.Prateep V.Philip IPS,AGDP, Tamil Nadu Crime Division.
Google: Gmail Users Should Have No Expectation of Privacy

Google: Gmail Users Should Have No Expectation of Privacy

August 15, 2013Mohit Kumar
Edward Snowden has done enough to highlight how vulnerable electronic communications are to surveillance and Gmail users should not expect privacy from Google. Lavabit is no more. Silent Circle has shuttered its secure email service. A California watchdog group says  that Gmail users now have a reason to pause before hitting " send ". California-based Consumer Watchdog, which claims Google made a "stunning admission" in a recent legal brief when the tech giant wrote that people should expect the contents of their emails to be perused. " Google has finally admitted they don't respect privacy, " he said in a statement . " People should take them at their word; if you care about your email correspondents' privacy, don't use Gmail. " " Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient
Microsoft discontinues MD5 crypto for digital certificates to improve RDP Authentication

Microsoft discontinues MD5 crypto for digital certificates to improve RDP Authentication

August 15, 2013Mohit Kumar
This week Microsoft has released several advisories to help their users update from weak crypto. Microsoft is beginning the process of discontinuing support for digital certificates that use the MD5 hashing algorithm and to improve the network-level authentication for the Remote Desktop Protocol . Microsoft's optional updates : Microsoft Security Advisory 2661254: The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks . Microsoft Security Advisory 2862973: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7 , Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate
FBI raided Anonymous Hacker house, who exposed Steubenville Rapists

FBI raided Anonymous Hacker house, who exposed Steubenville Rapists

June 08, 2013Mohit Kumar
Another member of the hacker collective Anonymous has been unmasked this week. FBI raided the home of Deric Lostutter in April. Two laptops, flash drives, CD's, an external hard-drive, cell phones and an Xbox were reportedly seized during the raid. Deric Lostutter, a 26-year-old from Winchester, is also known as KYAnonymous , a member of the hacktivist collective Anonymous who leaked a video showing the young men who raped an unconscious teenaged girl in Steubenville , Ohio, bragging about what they did in a disgustingly proud manner. In March, football stars Trent Mays, 17, and Ma'lik Richmond, 16, were convicted of the rape. They were sentenced to a minimum of one year in a juvenile detention institution with a maximum stay until they are 21. Lostutter, a self-employed IT security consultant and self-described Anonymous member, said that he'd just returned from a turkey hunt when he noticed what appeared to be a FedEx truck in his driveway. " As I open the doo
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.